Host based firewall or lan based firewall
I am in the process of taking over an existing hosting company and upgrading things, and I wanted to find out some info.
I am very technically inclinded with network security experience in the enterprise environment, just not the hosting business.
Do you use host based firewalls (ipchains/iptables) for each individual box, or lan based (checkpoint, pix, netscreen, etc...) and secure the boxes behind the fw with specific ports being opened up?
Is the use of private ip's and NAT with a lan firewall ideal or just keep it simple and use public ip's and named-hosting?
I'm not really looking for a how-to, just a general information and direction in the correct path.
There is probably 1/2 dozen right ways to do one thing.
Thanks!
